Bitcoins stored in Ledger Live or in Ledger Nano S hardware wallet?

[Hendrik51]

Hello,

I am using a Ledger Nano S hardware wallet since last week. I put bitcoins on there last week and now I open my Ledger Live on my PC without having the Nano S connected to it, and it loads my balance perfectly. How is it possible that this app knows my balance without being connected to my Nano S? The Bitcoins are only stored in my Nano S, correct?
So does Ledger Live simply remember my balance from the last time I conntected the Nano S to it, or how can this be possible?

[bitmover]

Your bitcoins aren't store in the ledger, neither on ledger live app.

Your bitcoins are stored in the blockchain. You have some balance which is registered in the blockchain and that balance is associated with your privatekeys.

So, what does your ledger device store ? Your device stores only your  privatekeys, safely, which are also stored in the piece of paper where you wrote your seed.

And what is stored in your ledger live app? Nothing relevant, just the public addresses associated with your balance. Ledger live app just keep itself updated with the blockchain. Your app can only view balances. Blockchain is public, and anyone with your public address can monitor your balance.

[Hendrik51]

Your bitcoins aren't store in the ledger, neither on ledger live app.

Your bitcoins are stored in the blockchain. You have some balance which is registered there and associated with your privatekeys.

So, what does your ledger device store ? Your privatekeys, which are also stored in the piece of paper where you wrote your seed.

And what is store in your ledger live app? Nothing relevant, just the public addresses associated with your balance. Ledger live app just keep itself updated with the blockchain.

Okay, so just to be sure: if my PC gets hacked and somebody can enter my Ledger Live, he cannot steal any bitcoins from me?

And second question: I cannot send or receive any bitcoins via Ledger Live without connecting my hardware wallet to it first?

[pereira4]

Your bitcoins aren't store in the ledger, neither on ledger live app.

Your bitcoins are stored in the blockchain. You have some balance which is registered there and associated with your privatekeys.

So, what does your ledger device store ? Your privatekeys, which are also stored in the piece of paper where you wrote your seed.

And what is store in your ledger live app? Nothing relevant, just the public addresses associated with your balance. Ledger live app just keep itself updated with the blockchain.

Okay, so just to be sure: if my PC gets hacked and somebody can enter my Ledger Live, he cannot steal any bitcoins from me?

And second question: I cannot send or receive any bitcoins via Ledger Live without connecting my hardware wallet to it first?

No, that's the whole point. You can't move funds if the private keys aren't accessible for the attacker, which they aren't since you don't have the Nano connected.

You can receive funds at any time.

[bitmover]

Okay, so just to be sure: if my PC gets hacked and somebody can enter my Ledger Live, he cannot steal any bitcoins from me?

No, he needs your privatekeys to spend funds. And the privatekeys are stored in the device, and on the paper.

And second question: I cannot send or receive any bitcoins via Ledger Live without connecting my hardware wallet to it first?

Yes, you cannot send without the device, because you need the privatekey to spend

[ranochigo]

Okay, so just to be sure: if my PC gets hacked and somebody can enter my Ledger Live, he cannot steal any bitcoins from me?

And second question: I cannot send or receive any bitcoins via Ledger Live without connecting my hardware wallet to it first?

They can't. AFAIK, the only reason why Ledger Live can see your balance is because the list of addresses is known by the app once you connect your Nano S to it. No one can steal your balance because your private keys aren't stored in Ledger Live; they are only on your Nano S.

Also No. Think of Bitcoin addresses as mailboxes. People can send mails to your mailbox without getting your key but the only way to get your mail is to open it with a key. It works the same for Bitcoin. You don't have to connect your hardware wallet to receive Bitcoin, you only have to do it when you want to spend them.

[Hendrik51]

Okay thanks for comforting me.

Last question: if my PC gets hacked when I have my ledger Nano S connected to it via USB.....are my bitcoins vulnerable at that moment? Or even then not?

[ranochigo]

Last question: if my PC gets hacked when I have my ledger Nano S connected to it via USB.....are my bitcoins vulnerable at that moment? Or even then not?

Your PC does not have your private keys which means that it is not vulnerable in that area. The only place that the hacker could somehow compromise is the Nano S that is connected but since its secure enough such that there's no known vulnerabilities to access the private key inside the device, the hacker can't get to your private key either.

With the confirmation on your Nano S, your transactions are secured since you can tell if the funds are going to the correct address.

TLDR: You are safe. That's what hardware wallets are designed to do.

[nc50lc]

Okay thanks for comforting me.

Last question: if my PC gets hacked when I have my ledger Nano S connected to it via USB.....are my bitcoins vulnerable at that moment? Or even then not?

There's a lot of gray areas in terms of "hacked PC" but in general, Ledger claims that your device doesn't reveal your private keys to the connected PC and the hardware for the private key storage is securely separated.
So, your keys are pretty safe as long as you [1] double-check everything before you sign a transaction.

There are couple of social-engineering, fake version of ledger live and manipulative type malware and viruses out there that can make you sign a fraudulent transaction (not without your consent) though.
Ex. Clipboard hijacking malware. [1]

[Pmalek]

Your Bitcoins will be safe on your hardware wallet because an attacker can't send anything from it without confirming the transaction physically on the device itself by pressing the designated button. Just make sure you keep your seed (the 12 or 24 words) safe and never save it on your computer. Write it down by hand on a piece of paper or in a notebook and store it in a safe place.

That seed should never by entered into a software for any reason.
There have been fake Ledger Live apps that required users to enter the seed for whatever reason. DO NOT DO THIS EVER!

The only time you would need to enter your seed is if you are restoring your wallet but even then it is only entered on the hardware wallet and never in the Ledger Live app or elsewhere.

[o_e_l_e_o]

There are couple of social-engineering, fake version of ledger live and manipulative type malware and viruses out there that can make you sign a fraudulent transaction (not without your consent) though.

This can't be stressed enough.

The whole point of a hardware wallet is to protect you from viruses and malware on your computer which would otherwise be able to steal your coins if you were storing them on a simple software wallet. Any transaction you make (with any wallet) requires the transaction to be signed with your private key before it can be broadcast. With a hardware wallet like Ledger, the private keys are stored on a secure element and never leave the device. Therefore, to sign a transaction, the transaction has to be sent to the device, signed inside the secure element, and then sent back to your computer. In this process of signing the transaction on the device, the device displays the receiving address and amount of bitcoin to send, and you have to manually check and confirm this is correct.

There exists malware which can take over the software on your computer and generate malicious transactions (such as trying to send all your bitcoin to an attacker's address). With a hardware wallet, as explained above, before this transaction could be made, it has to pass through your hardware wallet, meaning it has to be displayed on the screen and you have to manually confirm it before it can be broadcast. Therefore, although using your hardware wallet with a "hacked PC" as you put means you are still vulnerable, your coins can never be stolen provided you double check all addresses and amounts on your Ledger device's screen prior to confirming.

[nc50lc]

There are couple of social-engineering, fake version of ledger live and manipulative type malware and viruses out there that can make you sign a fraudulent transaction (not without your consent) though.

This can't be stressed enough.

-snip-

That's why it was followed by [1] "double-check everything before you sign a transaction." 

[Hendrik51]

Thanks all for the detailed responses!